Having some trouble using Fiddler to intercept HTTPS with Firefox

1,236 views
Skip to first unread message

Aaron Hachenberg

unread,
Jun 20, 2013, 10:24:55 AM6/20/13
to httpf...@googlegroups.com
Information on the setup:
Windows Embedded Standard 2009 (thin client, the kernel is Windows XP)
Includes a demand dial local proxy which uses the fiddlercore4.dll (4.3.9.3)

Errors received:
  • From Firefox attempting to connect through fiddler proxy to HTTPS target "Error code: sec_error_bad_signature)"
  • From proxy log:
    • 6/20/2013 9:09:40 AM Before request for: http://blah.blah.local:443
    • 6/20/2013 9:09:40 AM *** Marking connection for http://blah.blah.local:443
    • 6/20/2013 9:09:40 AM connect modem called
    • 6/20/2013 9:09:40 AM Starting connection retry #1
    • 6/20/2013 9:09:40 AM network already connected...skipping
    • 6/20/2013 9:09:40 AM 27:HTTP 200 for http://blah.blah.local:443
    • 6/20/2013 9:09:40 AM Finished session: http://blah.blah.local:443
    • 6/20/2013 9:09:40 AM *** Removing connection for http://blah.blah.local:443
    • 6/20/2013 9:09:40 AM ** LogString: fiddler.network.https> Failed to secure existing connection for blah.blah.local. The remote certificate is invalid according to the validation procedure..
    • 6/20/2013 9:09:40 AM No currentModemConnection
We have a couple of environments here for this web app.  Test, stage, prod... However they each have variances in SSL certs, Prod is a purchased cert while Test is generic/ self signed.  I encounter these errors when I attempt to move the thin client from one environment to the next.

What I've done to attempt fixing this (but have gotten no where):
  • Followed this guide using the option without fiddler hook.  Note that i also checked the option when making the cert to ignore all cert errors.
  • deleted all associated certs in Firefox and regenerated new keys from fiddler using instruction above and tried again
  • Tried browsing to the site from the fiddler app, in Firefox nothing happens, zero.  In IE I get "Makecert.exe returned -1"
Other tribal knowledge:
This local demand dial proxy was created within my shop by a developer that is no longer with my team.  Yay.  I'm a Server/Storage engineer that struggles with SSL certs and who really doesn't know how fiddler works.  :D

EricLaw

unread,
Jun 21, 2013, 2:38:06 AM6/21/13
to httpf...@googlegroups.com
You either need to configure the Windows client (running FiddlerCore) to trust the remote site's self-signed certificate (use CertMgr.msc) or set Fiddler.CONFIG.IgnoreServerCErtErrors to true. You may also need to configure Firefox to trust the FiddlerCore-generated root certificate but first fix the other bit and see if the situation is corrected.
Reply all
Reply to author
Forward
0 new messages